Outline for November 10, 2003

Reading: Chapters 14.6, 15.2

Discussion Problem

A web site has a form that asks for your mailing address, and sends
some information to the address you give it. Recently, an attacker
was able to download the web server's logs, containing the user
names, IP addresses, and file names that other users accessed. The
attacker is known only to have accessed the form on the web page.

How do you think the attacker read the log files?

The site fixed that particular bug, but has since become nervous
about people launching denial of service attacks on others through
them. Could you use the web form to do this? If so, what could the
site do to prevent this?